What is the CoinDCX $44-million crypto theft?
India’s largest crypto exchange, CoinDCX, fell victim to a sophisticated $44.2-million hack on July 19, 2025.
Attackers managed to gain access to an operational wallet and drained it within minutes. Fortunately, the security architecture of CoinDCX meant all customer funds were kept completely safe.
News of the hack took nearly 17 hours to emerge, when blockchain sleuth ZachXBT alerted people to the potential hack via his official Telegram channel.
CoinDCX CEO Sumit Gupta was then quick to respond, releasing a statement on X, explaining that one of their internal operational accounts used for liquidity was compromised, but he confirmed that customer assets were kept safe.
This latest CoinDCX hack attack has been linked to the infamous Lazarus Group of North Korea, which is an aggressive state-sponsored hacking syndicate that targets crypto exchanges.
Many in the crypto community were frustrated at CoinDCX’s slow reporting, especially as the organization claims to keep a strong public stance on transparency. Community comments include, “Y’all built this exchange on the narrative of ‘being transparent with the community,’ yet it took over 18 hours to disclose the hack of more than $44 million.”
So, how did the attack take place, and why did it take CoinDCX so long to report it?
Did you know? North Korean attackers were responsible for the infamous Bybit hack in February 2025, which resulted in the most significant single crypto theft in history, totaling $1.5 billion.
How CoinDCX was hacked
The CoinDCX security breach unfolded with what has been referred to as military precision between July 16 and 19, 2025. Gupta describes the incident as a sophisticated server breach, and according to the exchange’s incident report.
“The attacker accessed the account used for operational liquidity provisioning by penetrating our liquidity infrastructure.”
ZachXBT, who has exposed some of the largest crypto scams over the past few years, has also been following the money trail. On his Telegram channel, he explained that “the attacker’s address was funded with one ether from Tornado Cash and later bridged a portion of the stolen funds from Solana to Ethereum.”
This Tornado Cash laundering crypto mixer has processed $7 billion since 2019 and was used in the initial…
Click Here to Read the Full Original Article at Cointelegraph.com News…
